Add workflow to promote artifacts upon QA-approval #241
seriAlizations wants to merge 1 commit into rc/ncw-4 from
upon QA-approval Signed-off-by: Aliza Held <aliza.held@strato.de>
da01fa6 to 5e211e0
Pull request overview
This PR adds a GitHub Actions workflow to promote QA-approved artifacts from the development branch to the stable branch. The workflow ensures that artifacts are promoted without rebuilding, maintaining the exact same commit SHA throughout the process.
Changes:
- Adds a new workflow that performs a fast-forward merge from ionos-dev to ionos-stable
- Implements artifact promotion from snapshot repository to release repository in Artifactory
- Includes verification steps to ensure the SHA exists in the development branch before promotion
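The two git-side checks the overview describes (the SHA must be on ionos-dev, and ionos-stable may only be fast-forwarded), as an added shell example that is not part of this PR's workflow. The function names and the constructed sample repository are assumptions, and the 40-hex input check goes beyond what the overview lists.

```shell
#!/usr/bin/env bash
# Added example (not the PR's workflow): gate a promotion on three checks.
# Branch names follow the PR; function names are hypothetical.

# Accept only a full 40-hex commit id, so the value is safe to place in
# a path pattern such as dev/*/$SHA/*.tar.gz (no '*', '/' or spaces).
is_full_sha() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# promote_sha REPO SHA: fast-forward ionos-stable to SHA, or fail.
# Return codes: 2 bad input, 3 SHA not on ionos-dev, 4 not a fast-forward.
promote_sha() {
  repo=$1 sha=$2
  is_full_sha "$sha" || return 2
  # SHA must name a commit that is reachable from ionos-dev.
  git -C "$repo" cat-file -e "$sha^{commit}" 2>/dev/null || return 3
  git -C "$repo" merge-base --is-ancestor "$sha" ionos-dev || return 3
  # ionos-stable must be an ancestor of SHA, so no merge commit is needed.
  git -C "$repo" merge-base --is-ancestor ionos-stable "$sha" || return 4
  git -C "$repo" checkout -q ionos-stable
  git -C "$repo" merge -q --ff-only "$sha"
}

# Constructed sample repository: two commits on ionos-dev, ionos-stable at
# the first one, and an unrelated commit on a side branch.
make_sample_repo() {
  repo=$(mktemp -d)
  g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
  g init -q
  g symbolic-ref HEAD refs/heads/ionos-dev
  g commit -q --allow-empty -m "release candidate 1"
  g branch ionos-stable
  g commit -q --allow-empty -m "release candidate 2"
  g checkout -q -b side ionos-stable
  g commit -q --allow-empty -m "not on ionos-dev"
  g checkout -q ionos-dev
  echo "$repo"
}
```

A non-zero return from promote_sha leaves ionos-stable untouched, so a workflow step can call it before any Artifactory copy runs.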
| workflow_dispatch: | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| SHA: ${{ github.sha }} |
Using github.sha will always reference the commit that triggered the workflow, not the intended artifact commit. Since this is a workflow_dispatch event (manual trigger), you need to add an input parameter to allow users to specify the SHA of the commit they want to promote. Without this, the workflow cannot promote arbitrary QA-approved commits.
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| SHA: ${{ github.sha }} | |
| workflow_dispatch: | |
| inputs: | |
| sha: | |
| description: 'Commit SHA to promote from ionos-dev to ionos-stable and copy artifacts for' | |
| required: true | |
| type: string | |
| env: | |
| REGISTRY: ghcr.io | |
| SHA: ${{ inputs.sha }} |
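Review bot: The `sha` input in the suggested `workflow_dispatch` block is a free-form string, and through `SHA: ${{ inputs.sha }}` it reaches the Artifactory patterns `dev/*/$SHA/*.tar.gz` and `dev/*/$SHA/*`, where a value containing `*` or `/` would widen the match. Add a first step that rejects anything other than a full 40-character hexadecimal commit id before any git or jf command runs. Passing the value through `env` and reading it as `$SHA` in the script, as this block does, is the right way to hand it over and should stay.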
| run: | | ||
| git checkout ionos-stable | ||
| git fetch origin ionos-stable ionos-dev | ||
| #verify SHA is on ionos-dev |
Corrected spacing in comment: should be '# verify' with a space after the hash.
| #verify SHA is on ionos-dev | |
| # verify SHA is on ionos-dev |
| id: verify_sha | ||
| run: | | ||
| git checkout ionos-stable | ||
| git fetch origin ionos-stable ionos-dev |
The checkout and fetch operations are redundant. Since the repository is already checked out in the previous step with fetch-depth: 0, you already have all branches and history. You can simplify this to just git checkout ionos-stable and remove the fetch command.
| git fetch origin ionos-stable ionos-dev |
| if ! jf rt search "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*.tar.gz"; then | ||
| echo "No artifact with SHA $SHA found." | ||
| exit 1 | ||
| else | ||
| echo "Artifact found for SHA $SHA" |
The jf rt search command returns success (exit code 0) even when no artifacts are found; it only fails on errors. This means your conditional logic will not work as intended. You need to capture the output and check if any results were returned, or use --fail-no-op flag if available in your JFrog CLI version.
| if ! jf rt search "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*.tar.gz"; then | |
| echo "No artifact with SHA $SHA found." | |
| exit 1 | |
| else | |
| echo "Artifact found for SHA $SHA" | |
| RESULTS="$(jf rt search "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*.tar.gz")" | |
| if [ -z "$RESULTS" ]; then | |
| echo "No artifact with SHA $SHA found." | |
| exit 1 | |
| else | |
| echo "Artifact(s) found for SHA $SHA:" | |
| echo "$RESULTS" |
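Review bot: The `[ -z "$RESULTS" ]` test in the suggested replacement only catches completely empty output, so it has the same gap as the original `if ! jf rt search` whenever the CLI prints anything at all for zero matches, an empty JSON list for example. Decide on the number of results instead of on the string being non-empty, and fail the step when that number is zero.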
| if ! jf rt search "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*.tar.gz"; then | ||
| echo "No artifact with SHA $SHA found." | ||
| exit 1 | ||
| else | ||
| echo "Artifact found for SHA $SHA" | ||
| fi | ||
|
|
||
| - name: Copy artifact to target | ||
| id: copy_artifact | ||
| run: | | ||
| jf rt copy \ | ||
| "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*" \ |
The source path pattern uses wildcards that could match multiple artifacts if the directory structure allows. Consider adding explicit error handling or validation to ensure only the expected artifact is copied. Additionally, document the expected directory structure in a comment for future maintainers.
| if ! jf rt search "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*.tar.gz"; then | |
| echo "No artifact with SHA $SHA found." | |
| exit 1 | |
| else | |
| echo "Artifact found for SHA $SHA" | |
| fi | |
| - name: Copy artifact to target | |
| id: copy_artifact | |
| run: | | |
| jf rt copy \ | |
| "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*" \ | |
| # Expected Artifactory layout: | |
| # ionos-productivity-ncwserver-snapshot/ | |
| # dev/<branch-name>/$SHA/<artifact-files> | |
| # | |
| # We search for a single .tar.gz artifact for the given SHA and | |
| # derive its containing directory. This avoids using wildcards | |
| # for the branch component when copying to the release repo. | |
| set -e | |
| SEARCH_RESULT=$(jf rt search --format=json --limit=2 "ionos-productivity-ncwserver-snapshot/dev/*/$SHA/*.tar.gz") | |
| MATCH_COUNT=$(echo "$SEARCH_RESULT" | jq '.results | length') | |
| if [ "$MATCH_COUNT" -eq 0 ]; then | |
| echo "No artifact with SHA $SHA found." | |
| exit 1 | |
| fi | |
| if [ "$MATCH_COUNT" -gt 1 ]; then | |
| echo "Multiple artifacts found for SHA $SHA; expected exactly one." | |
| echo "$SEARCH_RESULT" | |
| exit 1 | |
| fi | |
| ARTIFACT_REPO=$(echo "$SEARCH_RESULT" | jq -r '.results[0].repo') | |
| ARTIFACT_PATH=$(echo "$SEARCH_RESULT" | jq -r '.results[0].path') | |
| # Derive the directory that contains all artifacts for this SHA | |
| ARTIFACT_DIR_PATH=$(dirname "$ARTIFACT_PATH") | |
| ARTIFACT_DIR="$ARTIFACT_REPO/$ARTIFACT_DIR_PATH" | |
| echo "Using artifact directory: $ARTIFACT_DIR" | |
| # Expose the directory as a step output for the copy step | |
| echo "artifact_dir=$ARTIFACT_DIR" >> "$GITHUB_OUTPUT" | |
| - name: Copy artifact to target | |
| id: copy_artifact | |
| run: | | |
| jf rt copy \ | |
| "${{ steps.find_artifact.outputs.artifact_dir }}/*" \ |
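Review bot: The copy step reads `steps.find_artifact.outputs.artifact_dir`, but the only step ids visible in this change are `verify_sha` and `copy_artifact`. The step that writes `artifact_dir` to `$GITHUB_OUTPUT` needs `id: find_artifact`, otherwise the expression expands to an empty string and the source pattern becomes `/*`. I would also hand the value to the script through `env:` and reference it as a quoted shell variable rather than expanding `${{ ... }}` inside `run:`, since the directory name comes from Artifactory search output.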
Summary
TODO
Checklist